SSL: Kubernetes bare-metal setup for HTTPS connections
Hello everyone, my Kubernetes bare-metal setup from this tutorial is as follows:

Beyond that, I use only one master node and have tainted it so that it also acts as a worker node, so I have a single-machine Kubernetes cluster.

Now, with the Deployment, Service, ClusterIssuer and Ingress below, I am trying to get not only an http connection but also an https connection through NodePort. Unfortunately, I can only reach these two addresses over http: playground.mywebsite.com:30081 and playground.mywebsite.com:31000 (obviously I changed my original website).

What am I doing wrong in getting an https connection?

Thanks for your help; if you are missing any information, such as logs or resource descriptions, please let me know.

Here is my code:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-world-deployment
  labels:
    app: hello-world
spec:
  selector:
    matchLabels:
      app: hello-world
  replicas: 2
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
      - name: hello-world
        image: bhargavshah86/kube-test:v0.1
        ports:
        - containerPort: 80
        resources:
          limits:
            memory: 256Mi
            cpu: "250m"
          requests:
            memory: 128Mi
            cpu: "80m"
---
apiVersion: v1
kind: Service
metadata:
  name: hello-world
spec:
  selector:
    app: hello-world
  ports:
  - name: https
    protocol: TCP
    port: 443
    targetPort: 80
    nodePort: 31000
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
    nodePort: 30081
  type: NodePort
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: ssl-hello-world
spec:
  acme:
    email: my@email.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: ssl-hello-world
    solvers:
    - http01:
        ingress:
          class: nginx
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: hello-world
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/issuer: "ssl-hello-world"
    ingress.kubernetes.io/ssl-redirect: "true"
    acme.cert-manager.io/http01-edit-in-place: "true"
spec:
  tls:
  - hosts:
    - playground.mywebsite.com
    secretName: hello-world
  rules:
  - host: playground.mywebsite.com
    http:
      paths:
      - backend:
          serviceName: hello-world
          servicePort: 443

This is the result of my kubectl describe certificate:

Name:         hello-world
Namespace:    default
Labels:       <none>
Annotations:  acme.cert-manager.io/http01-override-ingress-name: hello-world
              cert-manager.io/issue-temporary-certificate: true
API Version:  cert-manager.io/v1
Kind:         Certificate
Metadata:
  Creation Timestamp:  2020-10-20T09:57:46Z
  Generation:          2
  Managed Fields:
    API Version:  cert-manager.io/v1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:acme.cert-manager.io/http01-override-ingress-name:
          f:cert-manager.io/issue-temporary-certificate:
        f:ownerReferences:
          .:
          k:{"uid":"ad7f81f5-39da-4ed7-855c-19262f012094"}:
            .:
            f:apiVersion:
            f:blockOwnerDeletion:
            f:controller:
            f:kind:
            f:name:
            f:uid:
      f:spec:
        .:
        f:dnsNames:
        f:issuerRef:
          .:
          f:group:
          f:kind:
          f:name:
        f:secretName:
      f:status:
        .:
        f:conditions:
        f:nextPrivateKeySecretName:
        f:notAfter:
        f:notBefore:
        f:renewalTime:
    Manager:    controller
    Operation:  Update
    Time:       2020-10-20T11:49:41Z
  Owner References:
    API Version:           extensions/v1beta1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Ingress
    Name:                  hello-world
    UID:                   ad7f81f5-39da-4ed7-855c-19262f012094
  Resource Version:        3376660
  Self Link:               /apis/cert-manager.io/v1/namespaces/default/certificates/hello-world
  UID:                     f40ce72b-40b8-4b2d-a7e3-b5f637788e01
Spec:
  Dns Names:
    playground.mywebsite.com
  Issuer Ref:
    Group:      cert-manager.io
    Kind:       Issuer
    Name:       ssl-hello-world
  Secret Name:  hello-world
Status:
  Conditions:
    Last Transition Time:        2020-10-20T11:49:41Z
    Message:                     Certificate is up to date and has not expired
    Reason:                      Ready
    Status:                      True
    Type:                        Ready
    Last Transition Time:        2020-10-20T11:47:05Z
    Message:                     Issuing certificate as Secret was previously issued by Issuer.cert-manager.io/ssl-letsencrypt-hello-world
    Reason:                      IncorrectIssuer
    Status:                      True
    Type:                        Issuing
  Next Private Key Secret Name:  hello-world-vpbxz
  Not After:                     2021-01-18T11:49:41Z
  Not Before:                    2020-10-20T11:49:41Z
  Renewal Time:                  2020-12-19T11:49:41Z
Events:
  Type    Reason     Age                From          Message
  ----    ------     ----               ----          -------
  Normal  Issuing    50m                cert-manager  Issuing certificate as Secret was previously issued by Issuer.cert-manager.io/ssl-letsencrypt-hello-world
  Normal  Requested  50m                cert-manager  Created new CertificateRequest resource "hello-world-rl8m5"
  Normal  Issuing    48m                cert-manager  Issued temporary certificate
  Normal  Reused     48m (x2 over 50m)  cert-manager  Reusing private key stored in existing Secret resource "hello-world"

How are you trying to connect? Have you configured a firewall?

I am trying to connect via playground.mywebsite.com:30081 and playground.mywebsite.com:31000. I ran the command "sudo ufw disable". Should I enable it later?
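
An added check, not part of the original question or its comments: a small Python lint over the question's Service, ClusterIssuer and Ingress (re-typed here as constructed JSON) that flags a port named https forwarding to the same plaintext targetPort as http, and an issuer annotation whose kind matches no issuer among the manifests. The helper name lint and the wording of the findings are assumptions of this example.

```python
import json

# Constructed input: the Service, ClusterIssuer and Ingress from the question,
# reduced to the fields the checks read (same shape as `kubectl get -o json`).
MANIFESTS = json.loads("""[
 {"kind": "Service", "metadata": {"name": "hello-world"},
  "spec": {"type": "NodePort", "ports": [
    {"name": "https", "port": 443, "targetPort": 80, "nodePort": 31000},
    {"name": "http", "port": 80, "targetPort": 80, "nodePort": 30081}]}},
 {"kind": "ClusterIssuer", "metadata": {"name": "ssl-hello-world"}},
 {"kind": "Ingress", "metadata": {"name": "hello-world", "annotations": {
    "cert-manager.io/issuer": "ssl-hello-world"}},
  "spec": {"tls": [{"hosts": ["playground.mywebsite.com"],
                    "secretName": "hello-world"}]}}
]""")

# cert-manager annotation key -> kind of issuer resource it refers to.
ISSUER_ANNOTATIONS = {"cert-manager.io/issuer": "Issuer",
                      "cert-manager.io/cluster-issuer": "ClusterIssuer"}

def lint(objs):
    """Return findings for two TLS wiring mistakes (hypothetical helper)."""
    findings = []
    defined = {(o["kind"], o["metadata"]["name"]) for o in objs}
    for o in objs:
        name = o["metadata"]["name"]
        if o["kind"] == "Service":
            ports = o["spec"].get("ports", [])
            # A port name is only a label: if "https" shares its targetPort
            # with "http", both reach the same plaintext listener in the pod.
            plain = {p.get("targetPort") for p in ports if p.get("name") == "http"}
            for p in ports:
                if p.get("name") == "https" and p.get("targetPort") in plain:
                    findings.append(f"Service/{name}: port {p['port']} (nodePort "
                                    f"{p.get('nodePort')}) forwards to plaintext "
                                    f"targetPort {p['targetPort']}")
        elif o["kind"] == "Ingress":
            ann = o["metadata"].get("annotations", {})
            for key, kind in ISSUER_ANNOTATIONS.items():
                ref = ann.get(key)
                # The annotation key selects which issuer kind is looked up.
                if ref and (kind, ref) not in defined:
                    findings.append(f"Ingress/{name}: {key} expects {kind}/{ref}, "
                                    f"which is not among the manifests")
    return findings

if __name__ == "__main__":
    for line in lint(MANIFESTS):
        print(line)
```

TLS for the host in the Ingress is terminated by the ingress controller, so the certificate is only presented on the controller's own HTTPS port, not on the application Service's NodePorts.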